• Think You're A Programmer? Think Again.

    From Farley Flud@21:1/5 to All on Sat Apr 13 15:21:53 2024
    Any TRUE programmer can also program in reverse, i.e. de-program.

    Let's see if you can assist the global effort in documenting the
    xz-backdoor.

    GNU/Linux has the absolute best tool for the job: Ghidra.

    https://ghidra-sre.org/

    I have posted an image of the xz-backdoor loaded into ghidra
    and analyzed:

    https://i.postimg.cc/NsrmMvDv/xz-backdoor.png

    The left panel shows the disassembled code and the right shows
    the corresponding de-compile.

    Notice the match:

    xor edi, edi
    mov esi, 0x12
    mov edx, 0x46
    mov ecx, 0x02
    CALL .Llzma_decoder_end.1 <==> iVar4 = .Llzma_decoder_end.1(0, 0x12, 0x46, 2);

    TEST EAX, EAX
    JZ LAB_00100606 <==> if (iVar4 == 0) {

    Ghidra is fucking fantastic!

    Unfortunately, I will not be attempting to document the backdoor.
    To do so would entail first learning thoroughly the functions of
    sshd and I am not at all interested in network programming.

    Yes, sshd. Did you think that the xz-backdoor was about
    compression/decompression? Ha, ha, ha, ha, ha, ha, ha, ha, ha!

    Think again.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From DFS@21:1/5 to All on Sat Apr 13 12:34:28 2024
    On 4/13/2024 11:21 AM, Lyin' Larry lied:

    > Any TRUE programmer can also program in reverse, i.e. de-program.


    YOU didn't de-program anything. The "REAL MAN" programmers behind
    ghidra did it for you.

    And why are you showing code anyway? You said programming was about
    problem solving, not coding. Whoops. Break out the Whitman quote.

    Bottom line: you're a fraud, and NOT a programmer.

  • From DFS@21:1/5 to Lameass Larry on Sat Apr 13 13:12:18 2024
    On 4/13/2024 11:21 AM, Lameass Larry wrote:


    > GNU/Linux has the absolute best tool for the job: Ghidra.

    So does Windows and MacOS.



    ghidra is written in Java, and about Java you said:

    "Only a fucking idiot asshole would favor those heaps of junk (Java,
    Python, etc)"

    babble babble

  • From Chris Ahlstrom@21:1/5 to Farley Flud on Sat Apr 13 13:20:29 2024
    Farley Flud wrote this copyrighted missive and expects royalties:

    > Ha, ha, ha, ha, ha, ha, ha, ha, ha!

    I'll bet the key-label on this joker's macro key for
    "Ha, ha, ha, ha, ha, ha, ha, ha, ha!" is worn out.

    --
    Living your life is a task so difficult, it has never been attempted before.

  • From candycanearter07@21:1/5 to Farley Flud on Mon Apr 15 15:10:11 2024
    Farley Flud <ff@linux.rocks> wrote at 15:21 this Saturday (GMT):
    > Any TRUE programmer can also program in reverse, i.e. de-program.
    >
    > Let's see if you can assist the global effort in documenting the
    > xz-backdoor.
    >
    > GNU/Linux has the absolute best tool for the job: Ghidra.
    >
    > https://ghidra-sre.org/
    >
    > I have posted an image of the xz-backdoor loaded into ghidra
    > and analyzed:
    >
    > https://i.postimg.cc/NsrmMvDv/xz-backdoor.png
    >
    > The left panel shows the disassembled code and the right shows
    > the corresponding de-compile.
    >
    > Notice the match:
    >
    > xor edi, edi
    > mov esi, 0x12
    > mov edx, 0x46
    > mov ecx, 0x02
    > CALL .Llzma_decoder_end.1 <==> iVar4 = .Llzma_decoder_end.1(0, 0x12, 0x46, 2);
    >
    > TEST EAX, EAX
    > JZ LAB_00100606 <==> if (iVar4 == 0) {
    >
    > Ghidra is fucking fantastic!
    >
    > Unfortunately, I will not be attempting to document the backdoor.
    > To do so would entail first learning thoroughly the functions of
    > sshd and I am not at all interested in network programming.
    >
    > Yes, sshd. Did you think that the xz-backdoor was about
    > compression/decompression? Ha, ha, ha, ha, ha, ha, ha, ha, ha!
    >
    > Think again.


    I'm not a security expert, nor do I claim to be. The only time I've
    touched ghidra was to mod a GBA game, but I never deleted it from my
    desktop.
    --
    user <candycane> is generated from /dev/urandom
